Sr. IT Auditor

  • Financial Industry Regulatory Authority
  • Rockville, MD, USA
  • Nov 09, 2020
[Information Technology]

Job Description

Under general direction of the VP, IT audit, IT Auditor Project Leader conducts IT audits to provide technology and senior management with an independent assessment of whether the system of internal controls provides reasonable assurance that business objectives are achieved; resources are used economically and efficiently; governing laws and regulations, as well as FINRA rules and policies are complied with; financial and operating information is reliable and timely; and corporate assets are adequately safeguarded.

Essential Job Functions:

  • Conduct audits (Information Technology (IT) reviews and new Development Reviews (DRs)) of moderate to high complexity either working independently or as a member of an audit team or as the auditor-in-charge.
  • Duties include performing the planning, fieldwork, reporting, and follow-up phases of assigned audits with limited supervision and in accordance with departmental (ref., Audit Manual) and professional standards (promulgated by the Information Systems Audit and Control Association and the Institute of Internal Auditors).
  • Develop annual Audit Plan by providing input to a risk assessment of market, regulatory, and corporate systems and related infrastructure operated by or on behalf of FINRA and its subsidiaries.
  • Assist Business Area audit teams on business process (integrated) audits by evaluating the application controls of systems that support the business process under review, and developing computer assisted audit techniques (CAATs) to facilitate the testing of controls.
  • Take the lead in working with IA Management on enhancing IA's Data Analytics Program capabilities: 1) Design and develop risk analytics, predictive models, etc., utilizing data collected by IA from a wide range of FINRA systems. 2) Leverage data analytics to effectively evaluate FINRA functions in coordination with Internal Audit management and staff.
  • Support Business Area audit teams in performing Development Reviews (DRs) as assigned and conduct IT focused development reviews.
  • Document and communicate audit results both orally and in writing in an objective, clear, concise, constructive, and timely manner. Depending on level, a minimal to moderate amount of editing of audit reports by the Director (IS Audit) and the SVP of Internal Audit and work paper review comments are expected.
  • Stay abreast of new or emerging information technologies, products, and best practices.
  • Assist VP (IT Audit) in the following areas: (1) Offer suggestions to improve departmental processes and procedures; (2) Perform administrative tasks such as audit-related time reporting and continual updating of the FINRA Audit Management Information System (AMIS).
  • Provide on-the-job training for assigned staff with respect to audit techniques and administration, and offer input into their performance evaluations.
  • Perform special projects as assigned.

Education/Experience Requirements:

  • Bachelor's in Computer Science, Management Information Systems (MIS), Cybersecurity, Information Technology (IT), Finance/Accounting, or related field; Master's degree in above disciplines preferred.
  • Minimum of 3 - 7 years' audit, risk assurance, advisory, cybersecurity or technical experience related to database and OS (Unix, Oracle, PostgreSQL, Windows Active Directory) and cloud computing (AWS).
  • Scripting for data gathering and analysis using SQL, Python, ACL, Access, and similar tools and techniques strongly preferred.
  • Information Security coursework or work experience.
  • Required Proficiency with security testing at the application, database and OS layers; vulnerability assessments; and application/network architectural reviews.
  • Experience with data analytics/visualization and SIEM tools (e.g., Tableau, Splunk, and ACL) preferred.
  • Must be comfortable working with different clients and communicating both orally and in writing.
  • Professional certification (such as CISA, CISSP, CIA) and/or advanced degree desirable; ability to obtain at least one industry certification within 18 months of hire.
  • Application development and programming experience not required, but beneficial.
  • Proficiency with Office 365, Visio, and Microsoft Office tools expected.

Working Conditions:

  • Normal office conditions.
  • Some travel may be required (less than 20% annually).

To be considered for this position, please submit an application. The information provided above has been designed to indicate the general nature and level of work of the position. It is not a comprehensive inventory of all duties, responsibilities and qualifications required.

Please note: If the "Apply Now" button on a job board posting does not take you directly to the FINRA Careers site, enter into your browser to reach our site directly.

FINRA strives to make our career site accessible to all users. If you need a disability-related accommodation for completing the application process, please contact FINRA's accommodation help line at 240.###.####. Please note that this number is exclusively for inquiries regarding application accommodations.

In addition to a competitive salary, comprehensive health and welfare benefits, and incentive compensation, FINRA offers immediate participation and vesting in a 401(k) plan with company match. You will also be eligible for participation in an additional FINRA-funded retirement contribution, our tuition reimbursement program and many other benefits. If you would like to contribute to our important mission and work collegially in a professional organization that values intelligence, integrity and initiative, consider a career with FINRA.

Important Information

FINRA's Code of Conduct imposes restrictions on employees' investments and requires financial disclosures that are uniquely related to our role as a securities regulator. FINRA employees are required to disclose to FINRA all brokerage accounts that they maintain, and those in which they control trading or have a financial interest (including any trust account of which they are a trustee or beneficiary and all accounts of a spouse, domestic partner or minor child who lives with the employee) and to authorize their broker-dealers to provide FINRA with duplicate statements for all of those accounts. All of those accounts are subject to the Code's investment and securities account restrictions, and new employees must comply with those investment restrictions, including disposing of any security issued by a company on FINRA's Prohibited Company List or obtaining a written waiver from their Executive Vice President, by the date they begin employment with FINRA. Employees may only maintain securities accounts that must be disclosed to FINRA at one or more securities firms that provide an electronic feed (e-feed) of data to FINRA, and must move securities accounts from other securities firms to a firm that provides an e-feed within three months of beginning employment.

You can read more about these restrictions here.

As standard practice, employees must also execute FINRA's Employee Confidentiality and Invention Assignment Agreement without qualification or modification and comply with the company's policy on nepotism.

Search Firm Representatives

Please be advised that FINRA is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, a valid written agreement and task order must be in place before any resumes are submitted to FINRA. All resumes submitted by search firms to any employee at FINRA without a valid written agreement and task order in place will be deemed the sole property of FINRA a